12 replies to this topic

[Medo3337]

How leading games protect their models, textures and other game data against theft or modification?

Does they use encryption methods? If so, what is the encryption method that's commonly used in popular games especially First-Person Shooter games?

Edited by Medo3337, 27 November 2012 - 10:58 AM.

[Steve_Segreto]

It appears to me they don't. I haven't seen any resources that are encrypted. Usually they are compressed or packed into some archive file format, but not encrypted. Most games also have an active modding community so the art resources aren't validated client side. There are always exceptions of course. ..

[Hodgman]

If so, what is the encryption method that's commonly used in popular games especially First-Person Shooter games?

Regular .zip or .7z files, with the file extension renamed. Really.

When you play online, the hash of important assets is compared with the server to check if they've been modified. Of course, you could hack the exe to make it lie about the hashes, so they then need 3rd party cheat detectors like PunkBuster/VAC to ensure the exe isn't modified, and then the anti-cheat programs need clever mechanisms to ensure the anti-cheat hasn't been cheated, and so on.

Edited by Hodgman, 29 November 2012 - 06:31 PM.

[TheChubu]

Have in mind that videogames can use gigabytes and gigabytes of content. Decrypting it on the fly while running the game would take too much time and processing power to actually have a playable game running besides the whole decryption proccess (that or awfully long loading screens).

(im talking about actual encryption of the data, not just compression)

Edited by TheChubu, 29 November 2012 - 06:30 PM.

[L. Spiro]

It is not possible to protect your game’s data. Most companies by now have realized this and simply allow their compression to act as a weak encryption rather than adding additional layers of protection for basically nothing.

Besides, if the encryption method was common, it would defeat the purpose of encryption. If you (think you) need it, make it yourself. Using one that is already well understood and cracked won’t be of much help.


L. Spiro

[SimonForsman]

Besides, if the encryption method was common, it would defeat the purpose of encryption. If you (think you) need it, make it yourself. Using one that is already well understood and cracked won’t be of much help.

L. Spiro

It might be worth adding that this recommendation only holds if you are using encryption to prevent a user from copying/reading/modifying data on his own machine while that exact same machine running your software has to be able to decrypt that data.

When you are using encryption to send data to another person / machine and want to ensure that only that person / machine can read the data you should use a popular, well known and well tested encryption system.

[Medo3337]

Have in mind that videogames can use gigabytes and gigabytes of content.

Remember that you only need to decrypt one single mission data to render the mission world, some encryption methods are fast especially because you are dealing with memory and not storage device.

[kubera]

For protecting your application, you could sign it by the Authenticode certificate.
Such application would check data's integrity.

Protecting resources in the GPU would be a problem.

[Bacterius]

Have in mind that videogames can use gigabytes and gigabytes of content. Decrypting it on the fly while running the game would take too much time and processing power to actually have a playable game running besides the whole decryption proccess (that or awfully long loading screens).

(im talking about actual encryption of the data, not just compression)

That's not possible. Encryption, when done right with the appropriate algorithms, is considerably faster than disk I/O, it cannot be a bottleneck (RC4 on an average processor can reach 600MB/s, that's on a single core). The main reason it's not done is that it's useless. By definition, any data that is going to be used by the program must be decrypted somehow, leaving it free to be read by anyone skilled enough to do so, no matter how many security checks you put in your code. Simply not encrypting, and renaming the compressed file, is enough to throw off near 100% of those who would steal the assets, at which point it's no longer cost-effective to work towards improving asset security.

For protecting your application, you could sign it by the Authenticode certificate.
Such application would check data's integrity.

Unfortunately this will do nothing. Anyone smart enough to do so will simply remove the integrity check from the binary, and there goes your clever scheme.

[Vexal]

The only way to be sure is to only let people play your game while you stand behind them watching.

[kubera]

Unfortunately this will do nothing. Anyone smart enough to do so will simply remove the integrity check from the binary, and there goes your clever scheme.

Yes, but the signature would be broken.

[Bacterius]

Yes, but the signature would be broken.

But how would this matter in practice?

[Hodgman]

Signed executables are required on a lot of platforms (consoles and some PC publishing platforms), however, they're only any use if the security of the authenticator can't be broken. On consoles, it's a closed platform, so this works until someone cracks the hardware/OS, but on PC it's not possible to make 100% secure. If authentication is done locally it can be cracked, and if it's done remotely then a local hack can send lies over the network. In either case, you can still interfere with a running program after it's been launched/authenticated.